What do you actually own when you buy an IoT device?

We’ve all done it. The crappy service that leaves you fuming so you vent your frustration by writing a crappy review… a onestar review. That’ll show ’em!

I used to work in the kids’ online game world and you only ever got five stars or one star. Kids voted with their hearts, with little concern or grasp of empathy. In a more sage, grown-up world, star ratings are more evenly distributed. Five and four stars are the norm.

However, a snoop at Yelp’s rating data reveals that the fastest-growing star ratings are – you guessed it – one and five stars. We’re becoming less balanced and a little more polar.

So what? The service was poor and it’s your job to warn others, right? Damn right! It’s your opinion and, except for a few theatrical exaggerations here and there, it’s based on facts. What could possibly go wrong?

As it turns out, the answer is "lots" and, in the future, the answer is "lots and lots". At this point, I should declare that I have some experience of the darker side of this world. I can’t go into too many details for legal reasons (no, really!).

What do you actually own when you buy an Internet of Things device? What guarantees do you have that your thing’s data will still connect to the internet in a year’s time?

I was one of a few people who left a one-star review for a business that, in my opinion, gave poor service. Several of us refused to remove our one-star reviews and, the next thing we knew, we had defamation proceedings initiated against us.

Cue six months of lawyers, high court dates and stress. It wasn’t particularly fun.

To be fair, many companies suffer from malicious one-star review attacks. It’s easy enough for a local competitor business to set up fake accounts to drive a rival’s ratings down.

Many rating sites allow reviewers (for obvious reasons) to remain anonymous, so it must be galling for a company to suspect they are being played with but have no way of proving it.

The traditional route of threatening to sue the reviewers individually (which is expensive for everyone concerned) is madness. But a new form of madness is starting to emerge: the OSDOS attack. OK, I made that up – but the "one-star denial of service attack" should be a thing.

Let me explain… At the beginning of 2016, a Kickstarter campaign for the Garadget, an internet-connected garage door opener you control with your phone, achieved its funding. It’s a great idea. Production had gone well and you can buy them on Amazon – that’s what one customer did.

It seems things didn’t quite go to plan, so he took to the forums on the Garadget site. Not getting much joy, he left a one-star review on Amazon: "Junk – DO NOT WASTE YOUR MONEY – iPhone app is a piece of junk, crashes constantly, start-up company that obviously has not performed proper quality assurance tests on their products."

"I’m happy to provide the technical support to the customers on my Saturday night but I’m not going to tolerate any tantrums. At this time your only option is return Garadget to Amazon for refund. Your unit ID 2f0036… will be denied server connection."

Just to be clear, the customer’s seemingly useless remote garage door opener had been rendered useless remotely. That’s an example of irony even Alanis Morissette would get.

What if Donald Trump denied us all access to GPS? It’s just a digital service, after all. I checked.

It scratches the surface of a wider question – what do you actually own when you buy an Internet of Things device? What guarantees do you have that your thing’s data will still connect to the internet in a year’s time? And what rights do you have when it comes to forced disconnection for seemingly unrelated events?

In this case, a bad review was enough to be denied access to a product that (by any rational definition) was paid for and fully "owned". But what if – and I’m being purposefully idiotic here to prove the point – a commercial passenger jet had its GPS satellite navigation access revoked because of a spat between chief executives?

Or, as some reports have hinted, what if Donald Trump denied us all access to GPS? It’s just a digital service, after all. I checked. TomTom has a "force majeure" clause that covers this in its terms and conditions and, no, you don’t get a refund.

So in a world moving headlong into internetconnected everything, it’s worth considering two things. First, what would happen if the connected "service" was lost? Would it be inconvenient or would it actually be dangerous?

Second, and more importantly, do you really need to leave that one-star review? It may have more consequences than you think.

Dino Burbidge is the director of technology and innovation at WCRS.@dinozoiks